Wireshark · Ethereal-dev: Re: [Ethereal-dev] Priv sep in ethereal

["Stephen Samuel (leave the email alone)" <samnospam@xxxxxxxxxxx>]

Couldn't someone write a 'withnpf' script that starts
NPF, runs ethereal and then stops NPF?

I realize that you'd still need a 'bare' ethereal for situations
where you want to run more than one instance of ethereal, but
this would be pretty good for the default situation.

Similarly, are there 'start NPF' and 'stop NPF' icons available?


Lars Roland wrote:
> Ulf Lamping schrieb:
>
> > Lars Roland wrote:
> >
> > > I found an interesting tool that comes with WinPcap.
> > > For administrators wanting to achieve privilege separation for 
> > > ethereal and to have NPF driver loaded only when necessary, look at 
> > > this:
> > >
> > > C:\Programme\WinPcap>npf_mgm.exe /?
> > > NPF Management - Written by Gianluca Varenni (varenni@xxxxxxxxx)
> > >
> > > syntax: npf_mgm -s -x -u -i -r -a -d
> > >
> > >         -s starts NPF driver
> > >         -x stops NPF driver
> > >         -u uninstalls NPF driver
> > >         -i installs NPF driver
> > >         -r uninstalls and reinstalls NPF driver
> > >         -a changes the NPF driver start-type to auto-start
> > >         -d changes the NPF driver start-type to demand-start
> > >
> > > Using "runas" with this tool, you can load the NPF driver just before 
> > > starting ethereal, and unload it when you don't need it anymore.
> > But what's the benefit compared against "net start npf"  / "net stop 
> > npf"? I don't see any real difference.
> Ok, there is probably no difference to "npf_mgm -s" / "npf_mgm -x"


--
Stephen Samuel +1(604)876-0426             samnospam@xxxxxxxxxxx
		   http://www.bcgreen.com/
   Powerful committed communication. Transformation touching
     the jewel within each person and bringing it to light.